Web Total Cost Account System (WebTCAS) · The Web Total Cost Account System (WebTCAS) is a system...

Privacy Impact Assessment Web Total Cost Account System

(WebTCAS)

Iii Iii Iii

Version 202

Date July 29 2013

Prepared for USDA OCIO TPAampE

United States lejlartment ofAgriculture

USDA llivacy Impact Assessment Natural Resource Conservation Service WebTCAS

Privacy Impact Assessment for the

Web Total Cost Account System (WebTCAS)

29 July2013

Contact Point Paige Niederer

Natural Resources Conservation Service 970-295-5496

Reviewing Official Lian Jin

Acting Chief Information Security Officer United States Department ofAgriculture

202-720~8493

Page 2

Privacy Impact Assessment Natural Resource Conservation Service WebTCAS

Abstract

The Web Total Cost Account System (WebTCAS) is a system ofthe Natural Resources Conservation Service (NRCS)

NRCS employees record their individual time and attendance data using the WebTCAS Internet accessible web site interface WebTCAS processes the time and attendance data and forwards this data to produce records from which employee paychecks are derived

A Privacy Threshold Analysis (PTA) was performed indicating that a PIA must be completed This PIA is being conducted to comply with the Federal Information Security Management Act of2002 (FISMA) and theE-Government Act of2002 (Public Law 107shy347 116 Stat 2899 44 USC sect 101 HR 2458S 803) Federal Law

Overview

The Web Total Cost Account System (WebTCAS) is a system of the Natural Resources Conservation Service (NRCS) The purpose ofWebTCAS is to provide consolidated efficient and simplified reporting of employee labor hours as applied against the many various NRCS programs and projects nationwide NRCS employees record their individual time and attendance datamiddotusing the WebTCAS Internet accessible web site interface

The data contained within the WebTCAS system includes employee name USDA assigned employee number labor hours and various time charge codes (jobproject activity codes vacationsick time codes etc) HR repositories (that are maintained outside ofWebTCAS)

middot also include Social Security Number (SSN) information for NRCS employees This is PII required to transfer labor hour information to HR for payroll purposes since the payroll system does not recognize any other employee identifier

The information collected includes hours worked leave hours taken arrival and departure times time taken for lunch associated activity codes and extra accrued hours This facilitates the mission ofthe organization by providing necessary inputs for the generation of employee payroll personnel scheduling activity cost accounting and other such labor hour related administrative requirements

A typical system transaction involves an individual employee logging into the system entering labor hours for a particular day into data cells for the specific appropriate activity code(s) saving the data and logging out of the system While the NRCS employees do not enter any PII they do record their individual time and attendance data using the WebTCAS Internet accessible web site interface As data is submitted several internal modules process it These modules store the timesheet and profile information in datdbase tables use data to produce records from which employee paychecks are derived and produce views and screens used for other time recordkeeping functions Individual NRCS employees maintain their own individual WebTCAS time records After timesheets are submitted within the application by

Page 3

Privacy Impact AssessmentmiddotusoA Natural Resource Consenation Service WebTCAS

11111

the employees an NRCS assigned timekeeper accesses all the timesheets for that timekeepers group using authenticated web browser sessions and verifies timesheets against the employees job assignments project codes etc Once they match the timekeeper verifies the timesheets inside the application browser window After the timekeeper verifies the timesheet the supervisor then certifies that the timesheet is correct according to employee duties and responsibilities No PII is collected from any of the user types described herein

Certified time and attendance is linked to individual employee Social Security Number (SSN) and is periodically provided to the USDA National Finance Center (NFC) NFC then issues employee paychecks based upon the data provided WebTCAS depends on the HR database (and the primary NFC payroll system) for employee PII (ie employee names) WebTCAS also depends upon the Program Maintenance Tool (PMT) for non-PII funding data and Office Information Profile (OIP) for non-PII office information

Authority to operate CST was previously provided via the ATO granted in 2010

Section 10 Characterization of the Information

The following questions are intended to define the scope of the information requested andor collected as well as reasons for its collection as part of the program system rule or technology being developed

11 What information is collected used disseminated or maintained in the system

WebTCAS does NOT directly collecf any PII from any individual

On a continuing basis non-PII labor hour information is provided by employees This includes the hours worked on specific projects leave hours atTival I departure times time taken for lunch activity codes and extra accrued hours This non-PII data is middot collected nsed disseminated and maintained by the WebTCAS system

WebTCAS connects to the Human Resources (HR) database that is maintained ontside the accreditation boundary by HR PII obtained from HR is used to populate WebTCAS

bull Employee name is the only type ofHR PII that is maintained in WebTCAS bull Employee ID is also obtained from the HR database but this is considered a

business identifier rather than personal identifier

WebTCAS also creates a transmit file that is used to disseminate timesheets to NFC

bull The records in this file link to employee SSN that is stored in the HR database bull SSN information is protected by encryption (ie hashing) by WebTCAS

12 What are the sources of the information in the system

Page4

Privacy Impact AssessmentUSDA Natural Resource Conservation Service WebTCAS

~ PII obtained from HR is used to populate WebTCAS Employee name is the only type ofHR PII that is maintained in WebTCAS WebTCAS does not directly collect any PII from any individual

13 Why is the information being collected used disseminated or maintained

WebTCAS does not directly collect any PII from any individual

PII data is used disseminated and maintained by WebTCAS to A) obtain time and attendance data and B) to send a transmit file containing timesheets to NFC

Note that non-PII data is collected by WebTCAS from employees to produce records from which employee paychecks are derived Thls data is also used to produce views and screens used for other time recordkeeping administrative functions

14 How is the information collected

NA- WebTCAS does not directly collect any PII from any individual

15 How will the information be checked for accmmiddotacy

NA- Applicable procedures to allow individuals to check the accuracy of their PII are maintained outside the accreditation boundaty for WebTCAS by the HR systems that are the source of the PII used by this application

For non-PIT information after the timesheets are submitted within the application by the employees an NRCS assigned timekeeper accesses all the timesheets for that timekeepers group using authenticated web browser sessions and verifies timesheets against the employees job assignments project codes etc Once they match the timekeeper verifies the timesheets inside the application browser window After the timekeeper verifies the timesheet the supervisor then ce1tifies that the timesheet is correct according to employee duties and responsibilities

16 What specific legal authorities arrangements andor agreements defined the collection of information

While WebTCAS does not directly collect any PII irlformation from any individual these references pertain bull Federal Register No 75 No 27 Wednesday February 10 2010Rules and

Regulations bull Paperwork Reduction Act of 1995 (44 USC 3501 et seq)

Pagesmiddot

Privacy Impact Assessment USDA Natural Resource Conservation Service WebTCAS middot2 1 I

17 Privacy Impact Analysis Given the amount and type of data collected discuss the privacy risks identified and how they were mitigated

WebTCAS does not directly collect any PII information from any individuals

The PII that is used by WebTCAS includes only employee names that are obtained from HR This PII data presents minimal privacy risks Employee timesheets must include individual names for obvious reasons The only other identifier used by WebTCAS is the USDA generated employee number which is considered to be a business identifier not a personal identifier Privacy risks associated with the minimallII maintained by WebTCAS are mitigated because access to the information is limited to authorized NRCS personnel by the use of the USDA-OCIOshyeAuthentication application which provides user authentication for NRCS RoleshyBased Access Control (RBAC) provides access enforcement

External privacy risks exist with respect to individual SSNs SSNs arc maintained in the HR database (outside of the WebTCAS accreditation boundary) for the sole purpose of facilitating transfer of individual time and attendance information to NFC NFC requires SSN usage because NFC currently does not recognize any other means of individual identity validation Per NFC policy this privacy risk is mitigated by the use of independently generated password protection for the transmit batch files that contain SSN information which provides further specific encryption protection for this pmticularly sensitive inf01mation

Note SSN lII data is NOT maintained within the WebTCAS application aatabase

Section 20 Uses of the Information

The following questions are intended to delineate clearly the use of information and the accuracy of the data being used

21 Describe all the uses of information

The information is used disseminated and maintained by WebTCAS to A) obtain time and attendance data and B) to send a transmit file containing timesheets to NFC As discussed in Section 1 WebTCAS uses PII that was obtained from riR

bull Employee name is the only type ofHR lII that is maintained in WebTCAS bull Employee ID is also obtained from the HRdatabase but this is considered a


22 What types of tools are used to analyze data and what type of data may be produced

Page6

Privacy Impact Assessment USDA Natrwal Resource Conservation Service WebTCAS

~

NA- WebTCAS does not use any type of tools to analyzeproduce any type oflII

bull Non-lII data in WebTCAS is simply collected and is then validated and verifiebull Data is not manipulated or reformatted (other than being summarized) bull No type oflII data is produced

d

23 If the system uses commercial or publicly avlilable data please explain why and how it is used

NlA- WebTCAS does not use commercial or publicly available data

24 Privacy Impact Analysis Describe any types of controls that may bin place to ensure that information is handled in accordance with thabove described uses

e e

This application is in compliance with the Federal Information Security Management Act of2002 (FISMA) as reflected in CSAM USDA Office of the Chiefinformation Officer (OCIO) Directives and National Institute of Standards and Technology (NIST) guidance including applicable controls provided in these NIST Special Publication 800-53 Revision 3 control families yentr uiltnoct 8~ 1

0 J Avdf ( cll 1115 rsr middot +

o Access Control (AC) o Security Awareness and Training (AT) o Identification and Authentication (IA) o Media Protection (MP) o Physical and Environmental Protection (PE) o Personnel Security (PS) omiddot Risk Assessment (RA) o System and Communication Protection (SC) o System and Information Integrity (SI)

If any residual risks are identified they will be managed and reported via the FISMAmandated risk assessment processes

Section 30 Retention

The following questions are intended to outline how long information will be retained afterthe initial collection

31 How long is information retained

Per NARA General Records Schedule 20 this application-specific infmmation has been authorized by the NRCS Records Manager for erasure or

Page7


~

deletion when the agency detetmines that this information is no longer needed for administrative legal audit or other operational purposes

32 Has the retention period been approved by the component records officer and the National Archives and Records Administration (NARA)

Yes

33 Privacy Impact Analysis Please discuss the risks associated with the length of time data is retained and how those risks are mitigated

The primary privacy risk is that a data breach could result in the release of time and attendance information associated with NRCS employees This is mitigated by limited access to the data non-portability ofthe data and controlled storage of the data located in controlled facilities

middotRetention ofapplication-specific data is required to meet business and organizational requirements for this particular information system The risks associated with retaining application-specific information are mitigated by the controls discussed above

Section 40 Internal Sharing and Disclosure

The following questions are intended to defme the scope ofsharing within the United States Department of Agriculture

41 With which internal organization(s) is the information shared what information is shared and for what purpose

WebTCAS shares (receives) PIT from the Human Resources (HR) database which is maintained outside the accreditation boundary by HR The employee name is the only type ofHR PIT that is maintained within WebTCAS

WebTCAS automatically shares (transmits) the time and attendance data via batch process output to the NFC

42 How is the information tmnsmitted or disclosed

Transmission of time and attendance data via batch process output to the NFC is accomplished via password-protected (encrypted) files sent that are over a dedicated line for security purposes Passwords for connecting to NFC to enable transmitting the files are handled by the WebTCAS coordinators to ensure separation ofduties (SOD)

Pages

Privacy Impact Assessment USDA Natural Resource Conservation Service WebTCAS

~

43 Privacy ImpactAnalysis Considering the extent of internal middot information sharing discuss the privacy risks associated with the sharing and how they were mitigated

Privacy risks are mitigated by ensuring that the sharing of sensitive PIT with the NFC (which holds such data independently) is only perfonned by means ofpassword protected (encrypted) transmissions Any residual risks are mitigated by the controls discussed in Section 24 above

Section 50 External Sharing and Disclosure

The following questions are intended to define the content scope and authority for information sharing external to USDA which includes Federal state and local govermnent and the private sector

51 With which external organization(s) is the information shared what information is shared and for what purpose

NA- PII is not shared or disclosed with organizations that are external to the USDA

Note that WebTCAS does not share disclose or transmit any information to the IRS

52 Is the sharing of personally identifiable information outside the Department compatible with the original collection If so is it covered by an appropriate routine use in aSORN Ifso please describe Ifnot please describe under what legal mechanism the program or system is allowed to share the personally identifiable information outside of USDA


53 How is the information shared outside the Department and what secmmiddotity measures safeguard its transmission middot middot


54 Privacy Impact Analysis Given the external sharing explain the privacy risks identified and describe bow they were mitigated

Privacy risks are mitigated by vhtue of NOT sharing information external to the USDA Any residual risks are mitigated by the controls discussed in Section 24 above

Page9

Privacy Impact Assessment Natural Resowmiddotce Conservation Service WebTCAS

Section 60 Notice

The following questions are directed at notice to the individual ofthe scope of information collected the right to consent to uses ofsaid information and the right to decline to provide infmmation

61 Was notice provided to the individual prior to collection of information middot

NA- No notice is provided because no PII is collected from any individual by this application

62 Do individuals have the opportunity andor right to decline to provideinformation

NA- No PIT is collected from any individual by this application

63 Do individuals have the right to consent to particular uses of the information If so how does the individual exercise the right

NA- No PII is collected from any individual by this application

64 Privacy Impact Analysis Describe how notice is provided to individuals and how the risks associated with individuals being unaware ofthe collection are mitigated

bull

Notice does not need to be provided to individuals There is no risk that an individual would be unaware of collection because DQ PII is collected from any individual by this application

Section 70 Access Redress and Correction

The following questions are directed at an individuals ability to ensure the accuracy of the infonnation collected about them

71 What are the procedures that allow individuals to gain access to their information

NA- Applicable procedures to allow individuals to gain access to their information are maintained outside ofthe accreditation boundary othis application by Human Resources (HR) which is the source of the PII used by this application

72middot What are the procedures for correcting inaccurate or erroneous information

0

Privacy Impact Assessment USDA Natwmiddotal Resource Conservation Service WebTCAS~--

NlA- Applicable procedures for correcting inaccurate or erroneous information are maintained outside ofthe accreditation boundary ofthis application by Human Resources (HR) which is the source ofthe PIT used by this application

73 How are individuals notified of the procedures for correcting their information

N A -Applicable notification is provided by Human Resources (HR) which is the source of the PIT used by this application

74 Ifno formal redress is provided what alternatives are available to the individual

NA-see 73

75 Privacy Impact Analysis Please discuss the privacy risks associated with the redress available to individuals and how those risks are mitigated

Privacy risks associated with redress that is available to individuals are fully mitigated since individuals can use applicable HR procedures to update their original records in the HR source systems

Section 80 Technical Access and Security

The following questions are intended to describe teclmical safeguards and security measures

81 What procedures are in place to determine which users may access the system and are they documented

Access to the WebTCAS application is determined via a valid eAuthentication ID and password (level II) on a valid need to know basis determined by requirements to perform applicable official duties The application has documented Access Control Procedures in compliance with FISMA and USDA directives See Section 24

82 Will Department contractors have access to the system

No

83 Describe what privacy training is provided to users either generally or specifically relevant to the program or system

NRCS requires that every employee and contractor receives information security awareness training before being granted network and account access per General

Page 11

Privacy Impact Assessment Natural Resource Consenbullation Service WebTCAS

Manual Title 270 Part 409 -Logical Aceess ControI and Account Management Annual Security Awareness and Specialized Training are also required per FISMA and USDA policy and this training is tracked by USDA

84 Has Certification amp Accreditation been completed for the system or systems supporting the program

Yes Recertification in progress scheduled to be complete by 92013

85 What auditing measures and technical safeguards are in place to prevent misuse of data

NRCS complies with the Federal Information Security Management Act of2002 (FISMA) Assessment and Accreditation as well as atmual key control selfshyassessments and continuous monitoring procedures are implemented for this application per the requirements given in National Institute of Standards and Technology (NIST) Special Publication 800-53 Additionally NRCS complies with the specific securityrequirements for auditing measures and technical safeguards provided in OMB M-07-16 Finally the system provides technical safeguards to prevent misuse of data including

bull Confidentiality encryption is implemented to secure data at rest and in transit for this application (eg by FIPS 140-2 compliant HTTPS and end-user hard disk encryption)

bull Integrity Masking of applicable information is performed for this application (eg passwords are masked by eAuth)

bull middot Access Control The systems implements least privileges and need to know to control access to PII (eg by RBAC)

bull Authentication Access to the system and session timeout is implemented for this application (eg by eAuth and via multi-factor authentication for remote access)

bull Audit logging is implemented for this application (eg by logging infrastructure) bull Attack Mitigation The system implements security mechanisms such as input

validation

Notice For the privacy notice control please see Section 6 which addresses notice Formiddot the privacy redress control please see Section 7 which addresses redress

86 Privacy Impact Analysis Given the sensitivity and scope of the information collected as well as any information sharing conducted (Ill the system what privacy risks were identified and how do the security controls mitigate them

WebTCAS does not directly collect any PII from any individual but WebTCAS does utilize PII within the system which is obtained from HR and transmitted to NFC (see

Page 12


Section 10 above) Data extracts containing PII are not regularly obtained from the system therefore privacy risk from this area is limited and addressed through IT Data Extract processes controls

Any privacy risks identified in this system are mitigated by the security and privacy safeguards provided in Section 85 and by the security controls discussed in Section 24 above Remediation of privacy risks associated with internalexternal sharing are addressed in PIA Sections 4 and 5 respectively

Section 90 Technology

The following questions are directed at critically analyzing the selection process for any technologies utilized by the system including system hardware and other teclmology

91 What type of project is the program or system

This is a legacy application that is hosted on devices using common COTS hardware and software configured in accordance with USDA baseline configurations for servers and web portals

92 Does the project employ technology which may raise privacy concerns If so please discuss their implementation

No The project utilizes Agency approved technologies and these technology choices do not raise privacy concerns

Section 100 Third Party WebsitesApplications

The following questions are directed at critically analyzing the privacy impact ofusing third party websites andor applications

101 Has the System Owner (SO) andor Information Systems Security Program Manager (ISSPM) reviewed Office of Management and Budget (OMB) memorandums M-10-22 Guidance for Online Use of Web Measurement and Customization Technology and M-10-23 Guidance for Agency Use of Third-Party Websites and Applications

Yes

102 What is the specific pmpose of the agencys use of3rd party websites andor applications

NA- 3rd party websites I applications are not used

Page 13

Privacy Impact Assessment USDA Natural Resource Conservation Service WebTCAS2 11 I

103 What personally identifiable information (PII) will become available through the agencys use of 3rd party websites andor applications

NlA- 3rd party websites I applications are not used

104 How will the PII that becomes available through the agencys use of 3rd party websites andor applications be used


105 How will the PII that becomes available through the agencys use of 3rd party websites andor applications be maintained and secured


106 Is the PH that becomes available through the agencys use of3rd party websites andor applications purged periodically

NIA- 3rd party websites I applications are not used

107 Who will have access to PII that becomes available through the agencys use of 3rd party websites andor applications


108 With whom wiD the PII that becomes available through the agencys use of 3rd party websites andor applications be shared - either internally or externally


109 Will the activities involving the PII that becomes available through the agencys use of 3rd party websites andor applications require either the creation or modification of a system of records notice (SORN)


1010 Does the system use web measurement and customization technology

No The system does not use web measurement and customization teclmology

Page 14

Privacy Impact Assessment Natural Resource Conservation Service 1VebTCAS

1011 Does the system allow users to either decline to opt-in or decide to opt-out of of all uses of web measurement and customization technology

NA- See 1010

1012 Privacy Impact Analysis Given the amount and type of PII that becomes available through the agencys use of 3rd party websites andor applications discuss the privacy risks identified and how they were mitigated

Privacy risks are nominal WebTCAS does not provide access or link to Third Party Applications In addition the system does not use web measurement andor customization technology

Page 15

Privacy Impact Assessment Natural Resource Consenbullation Service Web1CAS

Pa )Digitally signed bybull ipalgenledererusdagovmiddot i lJN cn=palgenledererregusdagov

USdagov - Date20130730165402-0600

Paige Niederer Date

Responsible Officials

ige niederer

NRCS United States Department ofAgriculture This signature certifies that the above PIA responses are provided to the best of my knowledge and understanding

Approval Signature

Mr Lian Jin Date Acting Chiefinformation Security Officer United States Department ofAgriculture This signature certifies that the PTA analysis and PIA determination due diligence has been conducted pursuant to Department guidance and NIST regulations

Page 16

USDA llivacy Impact Assessment Natural Resource Conservation Service WebTCAS

Privacy Impact Assessment for the

Web Total Cost Account System (WebTCAS)

29 July2013

Contact Point Paige Niederer

Natural Resources Conservation Service 970-295-5496

Reviewing Official Lian Jin

Acting Chief Information Security Officer United States Department ofAgriculture

202-720~8493


Abstract




Overview






Page 3


11111















Page4















Pagesmiddot














Page6


~



d




e e









Page7


~



Yes











Pages


~














Page9


Section 60 Notice









bull







Page 10






NA-see 73








No



Page 11












validation




Page 12













Yes



Page 13


















Page 14



NA- See 1010



Page 15



USdagov - Date20130730165402-0600

Paige Niederer Date


ige niederer


Approval Signature


Page 16


Abstract




Overview







11111















Page4















Pagesmiddot














Page6


~



d




e e









Page7


~



Yes











Pages


~














Page9


Section 60 Notice









bull







Page 10






NA-see 73








No



Page 11












validation




Page 12













Yes



Page 13


















Page 14



NA- See 1010



Page 15



USdagov - Date20130730165402-0600

Paige Niederer Date


ige niederer


Approval Signature


Page 16


11111















Page4















Pagesmiddot














Page6


~



d




e e









Page7


~



Yes











Pages


~














Page9


Section 60 Notice









bull







Page 10






NA-see 73








No



Page 11












validation




Page 12













Yes



Page 13


















Page 14



NA- See 1010



Page 15



USdagov - Date20130730165402-0600

Paige Niederer Date


ige niederer


Approval Signature


Page 16















Pagesmiddot














Page6


~



d




e e









Page7


~



Yes











Pages


~














Page9


Section 60 Notice









bull







Page 10






NA-see 73








No



Page 11












validation




Page 12













Yes



Page 13


















Page 14



NA- See 1010



Page 15



USdagov - Date20130730165402-0600

Paige Niederer Date


ige niederer


Approval Signature


Page 16














Page6


~



d




e e









Page7


~



Yes











Pages


~














Page9


Section 60 Notice









bull







Page 10






NA-see 73








No



Page 11












validation




Page 12













Yes



Page 13


















Page 14



NA- See 1010



Page 15



USdagov - Date20130730165402-0600

Paige Niederer Date


ige niederer


Approval Signature


Page 16


~



d




e e









Page7


~



Yes











Pages


~














Page9


Section 60 Notice









bull







Page 10






NA-see 73








No



Page 11












validation




Page 12













Yes



Page 13


















Page 14



NA- See 1010



Page 15



USdagov - Date20130730165402-0600

Paige Niederer Date


ige niederer


Approval Signature


Page 16


~



Yes











Pages


~














Page9


Section 60 Notice









bull







Page 10






NA-see 73








No



Page 11












validation




Page 12













Yes



Page 13


















Page 14



NA- See 1010



Page 15



USdagov - Date20130730165402-0600

Paige Niederer Date


ige niederer


Approval Signature


Page 16


~














Page9


Section 60 Notice









bull







Page 10






NA-see 73








No



Page 11












validation




Page 12













Yes



Page 13


















Page 14



NA- See 1010



Page 15



USdagov - Date20130730165402-0600

Paige Niederer Date


ige niederer


Approval Signature


Page 16


Section 60 Notice









bull












NA-see 73








No



Page 11












validation




Page 12













Yes



Page 13


















Page 14



NA- See 1010



Page 15



USdagov - Date20130730165402-0600

Paige Niederer Date


ige niederer


Approval Signature


Page 16






NA-see 73








No














validation




Page 12













Yes



Page 13


















Page 14



NA- See 1010



Page 15



USdagov - Date20130730165402-0600

Paige Niederer Date


ige niederer


Approval Signature


Page 16












validation
















Yes



Page 13


















Page 14



NA- See 1010



Page 15



USdagov - Date20130730165402-0600

Paige Niederer Date


ige niederer


Approval Signature


Page 16













Yes




















Page 14



NA- See 1010



Page 15



USdagov - Date20130730165402-0600

Paige Niederer Date


ige niederer


Approval Signature


Page 16




















NA- See 1010



Page 15



USdagov - Date20130730165402-0600

Paige Niederer Date


ige niederer


Approval Signature


Page 16



NA- See 1010





USdagov - Date20130730165402-0600

Paige Niederer Date


ige niederer


Approval Signature


Page 16



USdagov - Date20130730165402-0600

Paige Niederer Date


ige niederer


Approval Signature


Web Total Cost Account System (WebTCAS) · The Web Total Cost Account System (WebTCAS) is a system...

Documents

Transcript of Web Total Cost Account System (WebTCAS) · The Web Total Cost Account System (WebTCAS) is a system...